The social networking behemoth has been fighting data privacy rules proposed in Brussels in January, and has taken particular interest in the ‘right to be forgotten’. It recently said the rule, which would force companies to delete customers’ data when they ask for it to be erased, “raises many concerns with regard to the right of others to remember and to freedom of expression”.

But Facebook also believes that if customers want to have all of their data deleted from a particular site, it will require service providers, like Facebook, Google, Twitter and any other company involved in publishing data on the Web, to track customers’ activity across other websites than their own.

Right to be forgotten

“The obligation to delete data that has been copied to other services is something we cannot control. In order to meet such obligations it would mean that service providers would be obliged to monitor people’s activities across the Internet.

“It is practically impossible for Facebook to delete information that has been copied to other sites and also has implications on the right to freedom of expression on the Internet.”

Griffin said that Facebook had worked hard to let users delete information from the site and essentially be forgotten on facebook.com.

“Facebook does more than most to help its users control their privacy and delete their data,” she added, pointing to various Facebook services such as the Download Your Information Tool and the “straightforward process of either deleting or deactivating your account”.

“There are a lot of myths floating around about FB which keep getting rehashed and where we haven’t done things well enough in the past we have tried to improve,” she added.

Some believe Facebook is actually misinterpreting what the Commission is proposing. Jim Killock, executive director of the Open Rights Group, said “the right to be forgotten is not about what individual users do, but how Facebook or other companies share user data, and how a user revokes permission”.

“There is a conflation in companies’ minds of the generic reuse of published information and the commercial sharing of user data. Separate these out and you can see the root idea is common sense,” Killock told TechWeekEurope.

“That said the drafting could be improved. This is often true with legislation, and we should support Reding’s effort to improve user control of their data.”

Sharing data

One of the biggest problems privacy professionals have with social networks like Facebook and active Web 2.0 companies is that they share information with other businesses where they see fit.

Privacy and security company Steganos today released a report lambasting such businesses for their privacy policies. Steganos said numerous Internet service providers are sharing personal information without users’ permission or court orders.

It noted that Facebook’s privacy policy states it may “supply law enforcement information to help prevent or respond to fraud and other illegal activity, as well as violations of Facebook terms.” It noted similar statements, as seen in the infographic below.

Privacy nightmare?

TechWeekEurope asked Facebook whether it thought it was bringing privacy problems on itself by handing over data to third parties, but it had not responded at the time of publication.

Privacy professional Phil Booth recommended letting users tag pieces of data posted on sites like Facebook. That would mean information could be tracked down easily and retrieved without necessarily having to know where Web users have been. However, he said modifying the culture or behaviour of web companies would be better then “techno-legal fixes”.

The EC sources said the Commission was standing firm and not being swayed by US lobbyists. It will keep the ‘right to be forgotten’, and is determined to stick with other controversial plans, including increasing regulators’ fining powers across member states.

The key issue here is one of changing culture. The big companies listed above see it in their business interest to continuously ‘redefine’ privacy from a legal PoV through action that becomes ingrained. This is because their ‘free’ services are not free at all. You pay with your data. Its an implicit contract of service that many now want made explicit and privacy laws are just one way to tackle that cultural change.

There are many ways in which users benefit in terms of service by sharing data – but the key question is – should that be implicit and hidden by these corporates? or explicit and controllable by the owner of
that data.

The other question is – what if there was an alternative? social media and other tools that made their contract of service explicit with their users and was completely transparent about data use? Then we’d see facebook et al having to re-think their approach.

Why would a consumer’s request to be forgotten require that service providers “track customers’ activity across other websites than their own”? What’s wrong with simply honoring the request, rather than stalking consumers who have asked not to be stalked.

There is an even easier way to avoid being tracked – read the privacy policies of the pages you visit and don’t sign up for the service that tracks you. It is all there in black and white, unless you are too lazy to take YOUR privacy into YOUR hands.